Login with Link (auth back-end only)
To be clear, this is just a fun hack for now. Yes, it works! No, it's not official (from Stripe). Yes, I might change it to break at any time.
Last updated
To be clear, this is just a fun hack for now. Yes, it works! No, it's not official (from Stripe). Yes, I might change it to break at any time.
Last updated
For now, all responsibilty for anything breaking should be directed to m@rkmoriarty.com.
If you work at Stripe: Ask questions on #login-with-link.
Otherwise, email markmoriarty+loginwithlink@stripe.com 👋
You will bring your own session management library (e.g., authjs.dev, as used on shop.markmoriarty.com)
The main steps are quite simple:
/lookup
Collect a user's email for login or signup: Look up this email to see if the email exists on the Link network. We will send you a client_secret
in our response.
(If the user does NOT exist on Link: invite them to sign up for Link. Otherwise, continue with the below.)
/start_verification
If the user does exist on Stripe: ask Stripe to send them the SMS verification code.
/authenticate
Collect the 6-digit code from the user using a form of your own design. Submit this to Stripe, along with the `client_secret` we sent you in step 1.
Click "next" to view instructions to use API only:
Redirect from your site to a Stripe-hosted "Login with Link/Stripe" page, just like you'd do for "Log in with Twitter" or "Log in with GitHub".
Wish: rally >1 other Stripes to have other session-management front-ends (ideally not also using next-auth.js), using this new (minimal) OIDC provider. This should help demonstrate (to less technical folks) how to separate "Login with Link" (as just OIDC) from "session management" (using libraries like next-auth, firebase, supabase, etc.)
Based on today's research, it seems quite doable. Stripe out the front-end pages like /users, and do a redirect instead of log in action, so developer can B.Y.O. session management library: .